Need help removing sirefef and malware-gen viruses...

I must be very unlucky, this is the 3rd time I’ve had to come to these forums to get help to remove some stupid virus (each time a different virus).

I’ve used ComboFix before, but its been removed. I want to state this upfront as I know the tech support likes to run a clean scan with it, so anything you need me to do before hand to make sure I do a clean run, let me know.

I found out about this virus due to trying to patch an online game, and my patching was blocked. I ran Avast and upon boot-time scan, these two viruses popped up.

So… What info do I need to supply?

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Monitoring

Well, apparently this is worse than I thought…

This virus (I assume) is not allowing me to download anything… Doesn’t matter if it is an Anti-virus program or anything, it’s preventing me from saving or running, I get a pop-up saying what I attempted to download contains a virus.

Also, I am not able to SAVE anything… I ran Malwarebytes (already had it on my PC) but it did not save any log files. I wanted to do a print screen of the Quarantine field just so you could see what has been quarantined recently, but it won’t let me save the jpg (through MS Paint).

Any suggestions on this?

Download the tools on another machine and run them in safe mode on the infected system.

Try to run this tool too.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

This has been a real pain… Can’t manage to save anything to my PC. I don’t have a secondary PC either. I was able to download the file scanners to my iPhone, but it seems like you can’t XFER files (other than video, music and movies) from iPhone to PC w/o additional software installed… Which of course, I can’t download and install…

BUT the good news…

I have a Flashdrive that contains Farbar Recovery Tool from the last time I had this problem! I was able to copy it from flash drive to my desktop and run it. It is a couple months out of date, and I can’t update it due to my issues.

So hopefully this scan and info will help you help me…

Just checking in… I got access to a laptop, was able to copy and move all the files requested… Give me a few, I will post logs here shortly…

MalwareBytes came up clean, mainly because I ran it before seeking help here… I’ve done a print screen (included) of the files I Quarantined in case anyone needs to take a look.

More logs

I probably shouldn’t say this. MBAM shouldn’t have come back Clean. 0Access doesn’t usually let the files it has be deleted and moved like that. Did you update? Also that log would be helpful for the Analyst.

There is RogueKiller… there are 4 files, I think I accidentally hit DELETE twice and FixShortCuts twice (because I couldn’t tell if they were done or not).

Yes, I updated before I ran it… Did a QuickScan… Just so you know, when I ran it previously (before posting here) it did find malware and (I assume) removed it. It also created a log file BUT… I wasn’t able to save any files on my PC (due to this virus). It seems that part of it has been resolved, as I can not save the log files.

But now that MBAM is coming up clean, no log file is being generated.

@Kiron

I didn’t tell you to run RogueKiller. Now I need to see fresh FRST logs please. Run FRST again, check all boxes and press the Scan button.
Attach here the freshly created FRST and Addition reports.

note: If FRST informs you to download a newer FRST version, do it.

Sorry about that, here you go (will await further instructions before I do anything else)

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


START
BHO: No Name - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
C:\Users\James\Desktop\RK_Quarantine
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
CMD: netsh winsock reset
CMD: ipconfig /flushdns
END

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

----- Next ----

Please download ESET Services Repair tool, available here, and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
Post here the freshly created log reports.

----- Next ----

Please download Farbar Service Scanner and run it on the computer with the issue.
[*]Make sure the following options are checked:

[*]Internet Services
[*]Windows Firewall
[*]System Restore
[*]Security Center/Action Center
[*]Windows Update
[*]Windows Defender

[*]Press “Scan”.
[*]It will create a log (FSS.txt) in the same directory the tool is run.
[*]Please copy and paste the log to your reply.

----- Next ----

Re-run FRST, just press the Scan button and post me the freshly created log reports.

Here is the 1st Fixlog (prior to me running ESET and Farbar Service Scanner).

Will get you the 2nd Fixlog after I run those (per instructions)…

Here are the reports…

The new FRST and Addition report after running the fix, ESET and FSS…

Just FYI… ESET didn’t save any type of log report. Not sure if it was supposed to or not. It did run successfully, and did a system reboot.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


START
File: C:\PROGRA~1\Raptr\raptr.exe
File: C:\PROGRA~1\Raptr\raptr_im.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
Folder: C:\Users\James\AppData\Local\Google
Folder: C:\Users\James\AppData\Roaming\Mumble
Task: {55B32741-FF40-40CE-96D1-F4792195D183} - System32\Tasks\0 => Iexplore.exe 
END

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

===================================

How is your computer running now? Check if Windows Update works?
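A read-only PowerShell check that a practitioner could run after the two fixes above to confirm the targeted items are really gone. This is an added example, not part of the thread or of the FRST tool; the file paths come from the two fixlists, while the registry location of the Winsock name-space catalog (NameSpace_Catalog5) and its LibraryPath value name are assumed from the standard Windows layout.

```powershell
# Added example, not part of the thread. Read-only checks that the items the
# two fixlists targeted are actually gone. Paths come from the fixlists; the
# registry location of the Winsock NameSpace_Catalog5 is an assumption.
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# 1. Alternate data streams on C:\ProgramData\TEMP. The first fixlist removed
#    two (TEMP:07BF512B, TEMP:0B4227B4); a clean object shows only ':$DATA'.
$adsTarget = 'C:\ProgramData\TEMP'
if (Test-Path -LiteralPath $adsTarget) {
    Get-Item -LiteralPath $adsTarget -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings += "ADS left on ${adsTarget}: $($_.Stream) ($($_.Length) bytes)" }
}

# 2. Winsock name-space providers (FRST's "Catalog5"). Each entry's LibraryPath
#    must expand to a DLL that exists; the first fixlist flagged two that did not.
$catalog = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries'
Get-ChildItem -Path $catalog | ForEach-Object {
    $entry = Get-ItemProperty -Path $_.PSPath
    $dll = [Environment]::ExpandEnvironmentVariables([string]$entry.LibraryPath)
    if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
        $findings += "Winsock entry $($_.PSChildName): LibraryPath '$dll' not found"
    }
}

# 3. The scheduled task the second fixlist removed (System32\Tasks\0 -> Iexplore.exe).
$taskFile = Join-Path $env:SystemRoot 'System32\Tasks\0'
if (Test-Path -LiteralPath $taskFile) {
    $findings += "Scheduled task file still present: $taskFile"
}

if ($findings.Count -eq 0) {
    Write-Output 'No leftovers found from the fixlist items.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it from an elevated PowerShell prompt; any line it prints is something to report back with the next FRST logs rather than a reason to edit the registry by hand.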

Here ya go

Edit: Everything seems to be working fine… Windows Defender, Firewall and Update all seem to be working now. I can download things, and I can patch (and play) my online games.

Thank you very much for your help (once again).

Hopefully I won’t have to come back here any time soon :slight_smile:

That’s it. Run DelFix to remove malware removal tools and their quarantine and placed files…etc.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait until the programme completes its work.
=>All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

Be safe. :wink: